Privacy Policy
Last updated: March 1, 2026
1. Who We Are
BlackpeakCFO™ ("we," "us," "our") is a fractional controller and CFO services firm operated by Stuart Wilson, ACMA CGMA, AICPA Member. We provide remote financial management, bookkeeping, management accounts, and advisory services to businesses across the United States.
Business address: Dallas, Texas, United States
Contact: privacy@blackpeakcfo.com
2. Information We Collect
Information you provide directly
- Contact information: Full name, business email address, phone number (optional)
- Business information: Company name, industry, approximate revenue range, number of employees, state of incorporation
- Scheduling data: Appointment times, meeting preferences, and notes submitted through our scheduling tool (Cal.com)
- Communications: Email correspondence, form submissions, chat messages, and any files or documents you share with us
Information collected automatically
- Device and browser data: IP address, browser type, operating system, screen resolution, and device identifiers
- Usage data: Pages visited, time spent on pages, referring URLs, and click patterns
- Location data: Approximate geographic location derived from your IP address (city/state level only — we use this to personalize content to your state)
Information we do NOT collect
- Social Security numbers or government-issued ID numbers
- Bank account numbers, credit card numbers, or financial account credentials
- Protected health information (PHI)
- Biometric data
- Information from children under 16
3. How We Use Your Information
| Purpose | Legal Basis |
|---|---|
| Respond to your inquiry and schedule consultations | Your consent / contractual necessity |
| Deliver fractional CFO and controller services | Contractual necessity |
| Send service-related communications (onboarding, deliverables, invoices) | Contractual necessity |
| Send occasional updates about our services (with your consent) | Consent — you can opt out anytime |
| Personalize website content based on your location (e.g., state-specific compliance info) | Legitimate interest |
| Analyze website usage to improve our service | Legitimate interest |
| Comply with legal obligations (tax, regulatory, professional standards) | Legal obligation |
| Protect against fraud and security threats | Legitimate interest |
4. Who We Share It With
We do not sell, rent, or trade your personal information. We share data only with the following categories of service providers, and only to the extent necessary to operate our business:
| Provider | Purpose | Data Shared |
|---|---|---|
| Cal.com | Scheduling consultations | Name, email, meeting times |
| Hosting provider (VPS) | Website delivery and form processing | IP address, form submissions |
| Email service | Sending service communications | Name, email address |
| Analytics (self-hosted) | Understanding website usage | Anonymized usage data |
We may also disclose information when required by law, regulation, subpoena, or court order, or when necessary to protect our rights or the safety of others.
5. Cookies & Tracking Technologies
| Cookie / Technology | Type | Purpose | Duration |
|---|---|---|---|
| Session cookie | Essential | Maintains your session as you browse | Session (deleted when you close browser) |
| State detection | Functional | Personalizes content to your US state | 30 days |
| Cal.com embed | Third-party functional | Powers the scheduling widget | See Cal.com's privacy policy |
| Form preferences | Functional | Remembers multi-step form progress | 7 days |
We do not use advertising cookies, social media tracking pixels, or cross-site tracking technologies. We do not participate in any ad networks or data broker programs.
You can control cookies through your browser settings. Disabling essential cookies may affect site functionality.
6. Data Retention
We retain your personal information only as long as necessary for the purposes described in this policy:
- Inquiry/contact data: 2 years from last contact (or until you ask us to delete it)
- Client engagement data: 7 years after the engagement ends (required by professional standards and tax regulations)
- Website analytics: Aggregated and anonymized — retained indefinitely
- Marketing consent records: Retained for the duration of consent plus 3 years
7. Security
We implement appropriate technical and organizational measures to protect your personal information, including:
- TLS/SSL encryption for all data in transit
- Encrypted storage for sensitive data at rest
- Access controls limited to authorized personnel only
- Regular security reviews and updates
- Professional indemnity insurance covering data handling
Despite these measures, no method of electronic transmission or storage is 100% secure. If you believe your information has been compromised, contact us immediately at privacy@blackpeakcfo.com.
8. Your Rights
Regardless of where you live, you have the right to:
- Access the personal information we hold about you
- Correct inaccurate information
- Delete your personal information (subject to legal retention requirements)
- Opt out of marketing communications at any time
- Request a copy of your data in a portable format
To exercise any of these rights, email privacy@blackpeakcfo.com. We will respond within 30 days (or sooner where required by state law).
9. State-Specific Privacy Rights
If you are a resident of any of the following states, you have additional rights under state law. We honor all of them.
California (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) gives you the following rights:
- Right to Know: You can request the categories and specific pieces of personal information we've collected about you, the sources, the business purposes, and the third parties we share it with.
- Right to Delete: You can request deletion of your personal information, subject to exceptions (e.g., legal obligations, completing a transaction).
- Right to Correct: You can request that we correct inaccurate personal information.
- Right to Opt Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising. This right is not applicable because we don't engage in these practices.
- Right to Limit Use of Sensitive Personal Information: We do not collect sensitive personal information as defined by the CPRA.
- Right to Non-Discrimination: We will never discriminate against you for exercising your privacy rights.
To submit a request, email privacy@blackpeakcfo.com with "California Privacy Request" in the subject line. We will verify your identity before processing. Response time: 45 days (extendable by 45 days with notice).
California "Do Not Sell" disclosure: We do not sell personal information. We have not sold personal information in the preceding 12 months.
Virginia (VCDPA)
Virginia residents have the right to access, correct, delete, obtain a copy of, and opt out of the processing of personal data for targeted advertising or sale. We do not engage in targeted advertising or data sales. To exercise your rights, email privacy@blackpeakcfo.com. Response time: 45 days.
Colorado (CPA)
Colorado residents have similar rights to access, correct, delete, and obtain a portable copy of personal data, plus the right to opt out of targeted advertising, sale of personal data, and profiling. Contact: privacy@blackpeakcfo.com. Response time: 45 days.
Connecticut (CTDPA)
Connecticut residents have the right to access, correct, delete, obtain a copy of, and opt out of the processing of personal data for targeted advertising or sale. Contact: privacy@blackpeakcfo.com. Response time: 45 days.
Texas (TDPSA)
Texas residents have the right to access, correct, delete, and obtain a copy of personal data, and to opt out of sale of personal data or use for targeted advertising. The Texas Data Privacy and Security Act applies to businesses that process the data of Texas residents. Contact: privacy@blackpeakcfo.com. Response time: 45 days.
Other States
Privacy laws are evolving rapidly across the United States. If your state enacts new privacy legislation, we will update this policy and honor your rights under that law. We treat all U.S. residents with the same high standard of privacy protection regardless of state.
10. Children's Privacy
Our services are designed for businesses and business professionals. We do not knowingly collect personal information from anyone under the age of 16. If we learn that we have collected information from a child under 16, we will delete it immediately. If you believe a child has provided us with personal information, please contact us at privacy@blackpeakcfo.com.
11. International Data
Our services are based in the United States. If you access our website from outside the U.S., your information will be transferred to and processed in the United States. By using our services, you consent to this transfer. We apply the same security and privacy protections regardless of where data originates.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or services. When we make material changes, we will update the "Last updated" date at the top of this page. For significant changes, we will provide additional notice (such as a banner on our website or an email notification to active clients).
13. Contact Us
If you have questions about this Privacy Policy, your personal data, or wish to exercise your rights:
- Email: privacy@blackpeakcfo.com
- Subject line: "Privacy Inquiry" (or reference your state for state-specific requests)
- Response time: Within 30 days for general inquiries; within 45 days for formal state law requests
If you are not satisfied with our response, you may file a complaint with your state's Attorney General office.